The security functions are made up of the following components:

• System access control:
  System access control is defined in the USER statement, see below.

• Administration authorization:
  Administration authorization is assigned in the USER statement or the OSI-LPAP statement, see "Assigning administration authorizations".

• Data access control:
  Data access control is specified using the operands KSET, USER-KSET or ASS-KSET of the USER, LTERM, TPOOL or OSI-LPAP statement. Data access protection must be defined within the framework of a lock/key code concept or of the access list concept and is described in detail in section "Data access control". Data access control for OpenCPIC clients is generated in the same way as described in section "Protection measures for job-receiving services" (Data access control with distributed processing).

• Encryption:
  openUTM is supporting message encryption for the communication with specific clients. The encryption level is specified in the operand ENCRYPTION-LEVEL of the PTERM, TPOOL or TAC statement. A detailed description of message encryption can be found in section "Message encryption on connections to clients".